loginState

This is for extensions on ChromeOS that need to behave differently based on whether a user is logged in or if the screen is locked.

Examples:

• A kiosk app that should only run when no user is signed in.
• A security extension that performs an action when the user locks their screen.
• A corporate extension that applies different settings depending on the user's session type.

{
  "name": "My ChromeOS Login State App",
  "version": "1.0",
  "manifest_version": 3,
  "permissions": [
    "loginState"
  ]
}

Why is it not risky?

This permission (only for ChromeOS) lets an extension know if you are logged in, at the login screen, or if your screen is locked.

It's a safe permission because it doesn't reveal who you are or what you are doing, only the status of the login session. For example, a security extension might use it to perform an action when you lock your screen.

This example gets the current session state and logs it.

// background.js or other script

async function getSessionState() {
  if (!chrome.loginState) {
    console.log('This API is only available on ChromeOS.');
    return;
  }
  try {
    // Which profile context the extension is running in.
    // Returns 'SIGNIN_PROFILE' (login screen) or 'USER_PROFILE'.
    const profileType = await chrome.loginState.getProfileType();
    console.log(`Profile type: ${profileType}`);

    // The current session state of the device.
    const sessionState = await chrome.loginState.getSessionState();
    console.log(`Session state: ${sessionState}`);
  } catch (error) {
    console.error('Error getting session state:', error);
  }
}

// You can also listen for changes
chrome.loginState.onSessionStateChanged.addListener((newState) => {
  console.log(`Session state changed to: ${newState}`);
});

getSessionState();